Przykłady dla CWE-77: Improper Neutralization of Special Elements used in a Comma... - CXSecurity.com

	Tytuł	Data	Autor
Med.	QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection	13.07.2018	Core Security Technolo...

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2022-05-16

Medium

CVE-2021-42897

Vendor: Feminer wms project
Software: Feminer wms

A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.

2022-05-12

High

CVE-2022-29303

Updating...

SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.

2022-05-11

Medium	CVE-2022-1510	Vendor: Gitlab Software: Gitlab	An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.
Low	CVE-2022-1428	Vendor: Gitlab Software: Gitlab	An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being enforced.

2022-05-10

High	CVE-2022-28915	Updating...	D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.
High	CVE-2022-28913	Updating...	TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.
High	CVE-2022-28912	Updating...	TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.
High	CVE-2022-28911	Updating...	TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.
High	CVE-2022-28910	Updating...	TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.
High	CVE-2022-28909	Updating...	TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.

Copyright 2022, cxsecurity.com